CVE-2018-10624

CVSS v3.1

6.5

Medium

Vector

AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Johnson Controls Metasys System versions 8.0 and prior BCPro (BCM) versions prior to 3.0.2

Description This issue results from improper error handling in HTTP-based communications with the server, which could allow an attacker to obtain technical information.

Recommendations For Johnson Controls Metasys System versions 8.0 and prior, update to a version later than 8.0 to resolve the issue. For BCPro (BCM) versions prior to 3.0.2, update to version 3.0.2 or later to resolve the issue.

Fix

Generation of Error Message Containing Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-388CWE-209

Related Identifiers

CVE-2018-10624

Affected Products

Bcpro

Johnson Controls Metasys System

CVE-2018-10624

Weakness Enumeration

Related Identifiers

Affected Products

References · 6